AFP permissions question

Status
Not open for further replies.

brossow

Dabbler
Joined
Mar 17, 2012
Messages
15
Sorry in advance if this is covered somewhere, but I've searched and can't find it. (Probably my own fault.)

I have a new FreeNAS 8.0.4 setup and I doubt the system specs matter for the purpose of my question.

I have five users who are members of a group called "Everyone."

I have a ZFS dataset also called "Everyone" for which the Owner (user) is "nobody" and the Owner (group) is "Everyone." Owner, Group and Other all have full R/W/E access.

I have an AFP share also called "Everyone" with a correct path to the previously mentioned dataset of the same name. I have not (currently) specified anything from the Allow/Deny/Access lines, though I have previously tried it using @Everyone in the Allow list and for Read-Write Access. Disk Discovery is enabled and everything else is the default (disabled).

All users in the "Everyone" group can see the share and access it using their passwords. That's perfect.

PROBLEM: When any given user creates a directory in the root of the share, the other users can see it but cannot open it due to insufficient privileges. The desired behavior is that all users in "Everyone" can access all directories and files within the share. (I know I can change the permissions en masse after the directories/files have been added to the share by ticking the "Set permission recursively" box and re-saving the permissions on the dataset, but that's hardly a solution since it would have to be done every time something new is added.)

What am I doing wrong? Any help is greatly appreciated!

Thanks,
Brent
 

louisk

Patron
Joined
Aug 10, 2011
Messages
441
I solved this by setting the Everyone directory to be set group id (chmod g+s Everyone). Use -R if you want to include your existing directories vs. starting fresh (chmod -R g+s Everyone).
 

brossow

Dabbler
Joined
Mar 17, 2012
Messages
15
Err ... I take that back. Now everyone can access directories created by anyone in that directory, but the privileges aren't inherited by the newly created directories.

In other words, if User A creates a new directory called "User A" in the root directory, User B can access that directory but User B cannot create new directories or save files in the "User A" directory. It comes out looking like this (where ./ is a directory created by User A in the root of the share and ../ is the root):

drwxrwsr-x 5 user-A everyone 6 Mar 17 19:45 ./
drwxrwsrwx 8 nobody everyone 9 Mar 17 19:45 ../
drwxr-sr-x 3 user-A everyone 3 Mar 17 19:45 User A/
drwxr-sr-x 3 user-B everyone 3 Mar 17 19:45 User B/


I appreciate any advice. It's been many years since I had to work seriously in the *nix side of things and I've forgotten a lot.

Brent
 

brossow

Dabbler
Joined
Mar 17, 2012
Messages
15
Surely I'm not the only person to experience this problem. Anyone?
 
Joined
May 13, 2012
Messages
5
I am experiencing this same problem and found that adding "perm:0770" to each share line definition in /etc/local/AppleVolumes.default resolves the issue.

Unfortunately, the GUI overwrites manual entries.

I'm stuck now.
 
Joined
May 13, 2012
Messages
5
Try this workaround: Append to your Read-Write Access field perm:0770.

For example: Read-write Access @Users perm:0770

This tricks the WebGUI into adding the perm argument into the config file.
 

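Added example, not part of any post in this thread: a scratch-directory reproduction of the listing posted above. It shows that setgid on the share root passes the group and the setgid bit to new directories but leaves the group-write bit to the creating process's umask, then models what perm:0770 adds. The helper names are hypothetical, and the OR-style behaviour of perm is an assumption of this example.

```shell
#!/bin/sh
# Constructed demo (not from the thread): rebuilds the posted listing on a
# scratch directory and shows which step controls the group-write bit.

# Print the group-write character from `ls -ld` ("w" or "-").
group_write() { ls -ld "$1" | cut -c6; }

# Print the group-execute slot from `ls -ld` ("s" when setgid is set).
setgid_flag() { ls -ld "$1" | cut -c7; }

# Create directory $2 inside $1 under umask $3; a stand-in for a directory
# created by an AFP client (hypothetical helper).
make_dir() { ( umask "$3" && mkdir "$1/$2" ); }

# Model of perm:0770 (assumption: the mode is OR-ed into the requested
# permissions, so owner and group always end up with rwx).
apply_perm_0770() { chmod u+rwx,g+rwx "$1"; }

run_demo() {
    share=$(mktemp -d) || return 1
    chmod 2777 "$share"                 # root of the share: drwxrwsrwx

    make_dir "$share" "User A" 022      # setgid parent, umask 022
    a_sgid=$(setgid_flag "$share/User A")
    a_gw=$(group_write "$share/User A")

    make_dir "$share" "User B" 022
    apply_perm_0770 "$share/User B"     # what the perm:0770 workaround adds
    b_gw=$(group_write "$share/User B")

    ls -ld "$share" "$share/User A" "$share/User B"
    rm -rf "$share"
    echo "setgid slot: $a_sgid  group write without perm: $a_gw  with perm: $b_gw"
}

run_demo
```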